all done as requested.
Logfile of HijackThis v1.99.1
Scan saved at 05:19:03, on 15/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
E:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
E:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\ng2003\GHOSTS~2.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Spyware Doctor\sdhelp.exe
E:\WINDOWS\System32\snmp.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
C:\My Shared Folder\WRSSSDK.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\wdfmgr.exe
E:\PROGRA~1\PESTPA~1\PPControl.exe
E:\PROGRA~1\PESTPA~1\PPMemCheck.exe
E:\PROGRA~1\PESTPA~1\CookiePatrol.exe
E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
E:\WINDOWS\System32\RUNDLL32.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
E:\Program Files\Netropa\Onscreen Display\OSD.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ng2003\GhostStartTrayApp.exe
E:\WINDOWS\VM_STI.EXE
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
E:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
E:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
E:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
E:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
E:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
E:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
E:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
E:\WINDOWS\System32\msiexec.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Hjt\dave.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D4B27B4-32A9-462D-AF6C-37D63C4779E8} - E:\WINDOWS\System32\mllji.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar1.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - E:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2502.dll
O4 - HKLM\..\Run: [PestPatrol Control Center] E:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [Jet Detection] "E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [PPMemCheck] E:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] E:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] E:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [AVG7_RegCleaner] E:\PROGRA~1\Grisoft\AVGFRE~1\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [REGSHAVE] E:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ussshreg] E:\PROGRA~1\ULEADS~1.0\Ussshreg.exe /r
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\ng2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [BigDogPath] E:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [DW4] "E:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "E:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [PopUpStopperProfessional] "E:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - e:\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - e:\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - E:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} -
http://housecall-beta.trendmicro.com/housecall/xscan60.cabO16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) -
http://www.lizardtech.com/download/files/w...ntrol_en_US.cabO16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) -
http://www.pandasoftware.es/avchecker/cont...s/AvDetInst.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://download.ewido.net/ewidoOnlineScan.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cabO16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) -
http://updates.lifescapeinc.com/installers...ll/pinstall.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) -
http://messenger.zone.msn.com/binary/Bankshot.cab31267.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cabO16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} -
http://messenger.zone.msn.com/binary/Chess.cab31267.cabO16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.symantec.com/techsupp/ac.../ActiveData.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - E:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\ng2003\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\My Shared Folder\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Combo -
User - 06-11-15 5:14:25.78 Service Pack 1
ComboFix 06.11.9 - Running from: "E:\Documents and Settings\User\Desktop\Virus Software"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
E:\QooBox\Purity\Program Files\SSTEM~1
E:\QooBox\Purity\Program Files\SSTEM~1\s?stem
E:\QooBox\Purity\Program Files\SSTEM~1\s?stem\ctxad-500.0000
E:\QooBox\Purity\Program Files\SSTEM~1\s?stem\ctxad-500.0001
E:\QooBox\Purity\Program Files\SSTEM~1\s?stem\ctxad-500.0002
E:\QooBox\Purity\Program Files\SSTEM~1\s?stem\ctxad-500.0003
E:\QooBox\Purity\Program Files\SSTEM~1\s?stem\ctxad-500.0004
E:\QooBox\Purity\Program Files\SSTEM~1\s?stem\ctxad-500.0005
E:\QooBox\Purity\Program Files\SSTEM~1\s?stem\ctxad-500.0006
E:\QooBox\Purity\Documents and Settings\User\Application Data\FNTS~1
E:\QooBox\Purity\Documents and Settings\User\Application Data\FNTS~1\?xplorer.exe
((((((((((((((((((((((((((((((( Files Created from 2006-10-15 to 2006-11-15 ))))))))))))))))))))))))))))))))))
2006-11-14 20:06 6,392 --a------ E:\WINDOWS\system32\tmp.reg
2006-11-14 20:05 53,248 --a------ E:\WINDOWS\system32\Process.exe
2006-11-14 20:05 40,960 --a------ E:\WINDOWS\system32\swsc.exe
2006-11-14 20:05 288,417 --a------ E:\WINDOWS\system32\SrchSTS.exe
2006-11-14 20:05 135,168 --a------ E:\WINDOWS\system32\swreg.exe
2006-11-13 21:30 110,612 --a------ E:\WINDOWS\system32\wmbkytrg.exe
2006-11-13 20:25 3,968 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-13 19:04 71,168 --a------ E:\WINDOWS\system32\rxpfgmj.dll
2006-11-13 19:03 93,696 --a------ E:\WINDOWS\system32\zrhazsi.dll
2006-11-13 18:59 59,392 --a------ E:\WINDOWS\system32\drvbiz.dll
2006-11-13 18:58 40,973 ---hs---- E:\WINDOWS\system32\opnnmkh.dll
2006-11-12 17:54 695,087 ---hs---- E:\WINDOWS\system32\egjlm.bak1
2006-11-12 17:54 692,276 ---hs---- E:\WINDOWS\system32\mljge.dll
2006-11-12 17:37 40,973 --ahs---- E:\WINDOWS\system32\awtrrsp(2).dll
2006-11-07 21:20 8,192 --a------ E:\WINDOWS\system32\tsbyuv.dll
2006-11-07 21:20 57,856 --a------ E:\WINDOWS\system32\drivers\drmk.sys
2006-11-07 21:20 49,664 --a------ E:\WINDOWS\system32\drivers\vfwwdm32.dll
2006-11-07 21:20 45,568 --a------ E:\WINDOWS\system32\iyuv_32.dll
2006-11-07 21:20 134,272 --a------ E:\WINDOWS\system32\drivers\portcls.sys
2006-10-22 23:03 983,040 --a------ E:\WINDOWS\system32\VchReg.dll
2006-10-20 19:01 131,072 --a------ E:\WINDOWS\system32\diovlzsv.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-13 21:30 -------- d-------- E:\Program Files\VSAdd-in
2006-11-07 21:14 -------- d-------- E:\Program Files\IVT Corporation
2006-11-05 19:27 -------- d-------- E:\Program Files\Apple Software Update
2006-10-31 01:54 -------- d-------- E:\Program Files\Shockwave.com
2006-10-25 21:24 -------- d-------- E:\Program Files\Google Video
2006-10-21 10:34 -------- d-------- E:\Program Files\CoffeeCup Software
2006-09-19 15:44 15664 --a------ E:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2006-09-19 15:43 109360 --a------ E:\WINDOWS\system32\GEARAspi.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"E:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"EPSON Stylus Photo R300 Series (Copy 1)"="E:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P39 \"EPSON Stylus Photo R300 Series (Copy 1)\" /M \"Stylus Photo R300\" /EF \"HKCU\""
"EPSON Stylus Photo R300 Series"="E:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P30 \"EPSON Stylus Photo R300 Series\" /M \"Stylus Photo R300\" /EF \"HKCU\""
"DW4"="\"E:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"Copernic Desktop Search 2"="\"E:\\Program Files\\Copernic Desktop Search 2\\DesktopSearchService.exe\" /tray"
"PopUpStopperProfessional"="\"E:\\PROGRA~1\\PANICW~1\\POP-UP~1\\POPUPS~1.EXE\""
"Google Desktop Search"="\"E:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PestPatrol Control Center"="E:\\PROGRA~1\\PESTPA~1\\PPControl.exe"
"Jet Detection"="\"E:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"PPMemCheck"="E:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"CookiePatrol"="E:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"SSC_UserPrompt"="E:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"MULTIMEDIA KEYBOARD"="E:\\Program Files\\Netropa\\Multimedia Keyboard\\MMKeybd.exe"
"NvCplDaemon"="RUNDLL32.EXE E:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"EPSON Stylus Photo R300 Series"="E:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P30 \"EPSON Stylus Photo R300 Series\" /O5 \"LPT1:\" /M \"Stylus Photo R300\""
"NvMediaCenter"="RUNDLL32.EXE E:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"EPSON Stylus Photo R300 Series (Copy 1)"="E:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P39 \"EPSON Stylus Photo R300 Series (Copy 1)\" /O6 \"USB001\" /M \"Stylus Photo R300\""
"AVG7_RegCleaner"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgregcl.exe /BOOT"
"REGSHAVE"="E:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"Adobe Photo Downloader"="\"E:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"NeroCheck"="E:\\WINDOWS\\system32\\NeroCheck.exe"
"ISUSPM Startup"="E:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"E:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"TkBellExe"="\"E:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ussshreg"="E:\\PROGRA~1\\ULEADS~1.0\\Ussshreg.exe /r"
"GhostStartTrayApp"="C:\\Program Files\\ng2003\\GhostStartTrayApp.exe"
"BigDogPath"="E:\\WINDOWS\\VM_STI.EXE VIMICRO USB PC Camera"
"QuickTime Task"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"E:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SunJavaUpdateSched"="\"E:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,da,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\System32\\CTFMON.EXE"
"NvMediaCenter"="RUNDLL32.EXE E:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"AVG7_Run"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\System32\\CTFMON.EXE"
"NvMediaCenter"="RUNDLL32.EXE E:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"AVG7_Run"="E:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:0000005f
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
E:\WINDOWS\tasks\Symantec NetDetect.job
E:\WINDOWS\tasks\XoftSpy.job
E:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-11-15 5:15:34.12
E:\ComboFix2.txt ... 06-11-14 20:30
E:\ComboFix.txt ... 06-11-15 05:15
Vundo -
VundoFix V6.2.8
Checking Java version...
Java version is 1.5.0.6
Scan started at 04:58:31 15/11/2006
Listing files found while scanning....
E:\WINDOWS\system32\zzaooji.dll
E:\WINDOWS\system32\fkzggpb.dll
E:\WINDOWS\system32\ugkgmkf.dll
E:\WINDOWS\system32\dxzpvjl.dll
E:\WINDOWS\System32\mllji.dll
E:\WINDOWS\System32\ijllm.ini
E:\WINDOWS\System32\ijllm.bak2
E:\WINDOWS\System32\ijllm.ini2
E:\WINDOWS\System32\ijllm.tmp
Beginning removal...
Attempting to delete E:\WINDOWS\system32\zzaooji.dll
E:\WINDOWS\system32\zzaooji.dll Has been deleted!
Attempting to delete E:\WINDOWS\system32\fkzggpb.dll
E:\WINDOWS\system32\fkzggpb.dll Has been deleted!
Attempting to delete E:\WINDOWS\system32\ugkgmkf.dll
E:\WINDOWS\system32\ugkgmkf.dll Has been deleted!
Attempting to delete E:\WINDOWS\system32\dxzpvjl.dll
E:\WINDOWS\system32\dxzpvjl.dll Has been deleted!
Attempting to delete E:\WINDOWS\System32\mllji.dll
E:\WINDOWS\System32\mllji.dll Has been deleted!
Attempting to delete E:\WINDOWS\System32\ijllm.ini
E:\WINDOWS\System32\ijllm.ini Has been deleted!
Attempting to delete E:\WINDOWS\System32\ijllm.bak2
E:\WINDOWS\System32\ijllm.bak2 Has been deleted!
Attempting to delete E:\WINDOWS\System32\ijllm.ini2
E:\WINDOWS\System32\ijllm.ini2 Has been deleted!
Attempting to delete E:\WINDOWS\System32\ijllm.tmp
E:\WINDOWS\System32\ijllm.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Dave K
P.s i notice under vundofix it states java 6?
